I have today updated the plugin. The free version no longer has this issue but does use Twitter's official embedded tweet timeline to output rather than flat HTML. I wrote a blog post about it today.

As a result I have also made Twitter Feed PRO and launched it today, where it has more options than ever before, including letting you select the HTTPS version of a profile picture for this very reason.